Your automation platform is an active RCE gateway for attackers. ⚙️
CVE-2025-68613 · Severity 9.9 · CISA KEV Addition for n8n Expression Injection.
CISA has added a critical vulnerability in the n8n automation platform to its Known Exploited Vulnerabilities catalog. This expression injection flaw allows an unauthenticated attacker to execute arbitrary system-level commands, providing a direct path to full server compromise.
Automation platforms like n8n are high-value targets because they often possess deep administrative access to connected SaaS apps and internal databases. Attackers are currently leveraging this flaw to establish persistence and move laterally across enterprise networks.
The uncomfortable truth: Your automation workflows are the new shadow IT perimeters, often operating with more privilege and less scrutiny than your core production servers.
→ Update n8n to version 1.120.4, 1.121.1, or 1.122.0 immediately to address CVE-2025-68613.
→ Strictly isolate all automation management interfaces from the public internet using secure VPNs.
→ Audit your workflow logs for any unauthorized modifications or anomalous outbound API requests.
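As an added example for the update step above (not code from the original post or from the n8n project), here is a small Node.js triage script that checks an inventory of n8n versions against the three fixed releases named in the post. It assumes that 1.120.4 and 1.121.1 are the first fixed releases on their respective branches and that every release from 1.122.0 onward carries the fix; the hostnames and version strings in the sample inventory are constructed for illustration.

```javascript
// Added example, not part of the original post or the n8n project.
// ASSUMPTION: the releases named in the post (1.120.4, 1.121.1, 1.122.0) are the
// first fixed releases on their branches, and every release >= 1.122.0 is fixed.
const FIXED_RELEASES = ['1.120.4', '1.121.1', '1.122.0'];

// Parse "MAJOR.MINOR.PATCH" (an optional leading "v" is tolerated) into three
// integers. Pre-release or otherwise non-numeric strings are rejected so that a
// value such as "latest" is reported as unknown rather than silently accepted.
function parseVersion(s) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(s).trim());
  if (!m) throw new Error(`unparseable n8n version: ${JSON.stringify(s)}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two version strings: -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// A version counts as patched when it is at or above the first fully fixed
// release (1.122.0), or at or above the fixed release on its own
// MAJOR.MINOR branch (1.120.x needs >= 1.120.4, 1.121.x needs >= 1.121.1).
function isPatched(version) {
  const [major, minor] = parseVersion(version);
  const latestFixed = FIXED_RELEASES[FIXED_RELEASES.length - 1];
  if (compareVersions(version, latestFixed) >= 0) return true;
  const branchFix = FIXED_RELEASES.find((f) => {
    const [fm, fn] = parseVersion(f);
    return fm === major && fn === minor;
  });
  return branchFix !== undefined && compareVersions(version, branchFix) >= 0;
}

// Triage an inventory of { host, version } records into
// { host, version, status } rows; unparseable versions are flagged, not dropped.
function triage(inventory) {
  return inventory.map(({ host, version }) => {
    let status;
    try {
      status = isPatched(version) ? 'patched' : 'UPDATE REQUIRED';
    } catch (e) {
      status = `unknown (${e.message})`;
    }
    return { host, version, status };
  });
}

// Constructed sample inventory: hypothetical hostnames and version strings.
const SAMPLE_INVENTORY = [
  { host: 'n8n-prod-01', version: '1.119.2' },
  { host: 'n8n-prod-02', version: '1.120.4' },
  { host: 'n8n-stage-01', version: '1.121.0' },
  { host: 'n8n-dev-01', version: 'v1.123.1' },
  { host: 'n8n-legacy', version: 'latest' },
];

// Print one line per host so the script is useful on its own.
for (const row of triage(SAMPLE_INVENTORY)) {
  console.log(`${row.host.padEnd(14)} ${row.version.padEnd(10)} ${row.status}`);
}
```

In practice the inventory would come from whatever records your deployment tooling keeps for each n8n instance; the branch-aware comparison is the part worth keeping, since a plain "is it the newest version" check would wrongly flag 1.120.4 and 1.121.1 as unpatched even though the post lists them as fixed.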
#Cybersecurity #AppSec #Automation #ZeroTrust #SOC #CodeDefence
